- From: Frederick Hirsch <hirsch@fjhirsch.com>
- Date: Thu, 05 Sep 2002 17:55:57 -0400
- To: www-xkms@w3.org, hirsch@fjhirsch.com
I have a few comments on the August 1 editors' copy of the XKMS spec. [# num] refer to the paragraph numbers.

1) I do not understand the distinction between the Pending and Represent responses and flows given in Part 2 of the specification. They look very much the same. It looks like the intent is that one causes an enqueuing for later processing and the other implies a delayed response. My question is, is the distinction necessary, or can we simplify this to be one two-phase request/response? If not, does it make sense to share a common abstract type (e.g. for nonce differences)? If there is a need for both, more explanation would be helpful.

2) Section 2.1 of Part 1 implies that synchronous responses must be supported and asynchronous is optional [#34]. Paragraph [#37] gives an example where a service would only support asynchronous by mediating each request with manual administrator review. How would this service be able to also support the synchronous requirement for these messages?

3) Should the spec outline UDDI integration in addition to DNS integration?

4) My understanding is that GET should not cause side effects in a web architecture. In light of this, should we use POST in 2.3.6 for <PendingNotification> using the HTTP protocol?

5) The spec states that if an algorithm does not support a specified key usage then that key usage should be ignored (4.1.3 #106). Perhaps more explanation would be helpful - that since this is used in a request prototype it can safely be ignored because nothing can be returned for this usage anyway.

6) 4.2.2 [#165] seems to have a typo, should be "The response message" instead of "request".

7) Is it required of ALL Trust services to revoke a private key when a key recovery is performed? Should this be a requirement? 5.4.1 [#201] Couldn't it be that the recovery is because I formatted my hard drive, but still want to continue to still use the same signing key, for example?

8) I'm not sure why the Payload Binding is not supported (Part 2, [#22]). Does this mean XML Encryption is not allowed for use within XKMS messages?

9) I think it would help clarify the security binding presentation to use grid lines in the tables.

Thanks

Frederick

Frederick Hirsch
Received on Thursday, 5 September 2002 17:58:37 UTC